Generated by DeepSeek V3.2

| SecureDrop | |
|---|---|
| Name | SecureDrop |
| Developer | Freedom of the Press Foundation |
| Released | 15 October 2012 |
| Programming language | Python |
| Operating system | Linux |
| Genre | Whistleblower submission system |
| License | AGPLv3 |

SecureDrop is an open-source software platform designed to facilitate the secure and anonymous submission of documents by whistleblowers to media organizations. Originally created by the late Aaron Swartz and Kevin Poulsen, the project is now maintained and developed by the Freedom of the Press Foundation. The system operates on the principle of protecting sources through strong encryption and minimizing digital footprints, allowing journalists to receive sensitive information while safeguarding the identity of their contributors.
The platform functions as a hardened Tor hidden service, providing an encrypted portal accessible only through the Tor Browser. Sources are assigned unique, randomly generated codenames for future communication, and all submissions are encrypted on the server before journalists can access them. Major investigative outlets such as The New York Times, The Guardian, and The Washington Post have integrated this system into their newsrooms. Its design emphasizes operational security, ensuring that even the hosting organization cannot easily identify submitters, thereby protecting against both corporate and state-level surveillance.
The initial concept, then named DeadDrop, was conceived by Aaron Swartz and developed with assistance from Kevin Poulsen, a former hacker turned journalist at Wired. Following Swartz's death in 2013, the project was adopted and renamed by the Freedom of the Press Foundation, with significant early funding from the John S. and James L. Knight Foundation. Core development has been led by figures like James Dolan and the late Micah Lee, who helped transition the codebase and enhance its security posture. The platform's evolution has been closely tied to high-profile leaks, including those facilitated by Edward Snowden, which underscored the critical need for robust source-protection tools in journalism.
The system is built primarily using the Python-based Django web framework and is deployed on a physically isolated server running a Debian-based Linux distribution. It utilizes the Tor anonymity network to obscure network traffic and employs GNU Privacy Guard for end-to-end encryption of all messages and documents. Each source interaction is handled through ephemeral, encrypted sessions, and the server is designed to store minimal metadata. The code is publicly auditable under its AGPLv3 license, and security assessments have been conducted by organizations like the University of Washington and Trail of Bits.
Installation typically involves configuring a dedicated server, often using a pre-configured image for platforms like Qubes OS or a standalone VirtualBox appliance. Over sixty major news organizations worldwide now operate active instances, including The Associated Press, BBC, and ProPublica. The Freedom of the Press Foundation provides extensive documentation and support for integrating the system into existing editorial workflows. Notable leaks received through such channels have contributed to major stories published in Der Spiegel, The Intercept, and Reuters, demonstrating its utility in global investigative reporting.
The design assumes a powerful adversary capable of monitoring network traffic, compromising server infrastructure, or coercing the hosting organization. Defenses include mandatory use of the Tor network, protection against timing attacks, and encryption that prevents even system administrators from reading submissions. The threat model accounts for risks from entities like the Federal Bureau of Investigation or sophisticated APT groups. Regular security audits and a responsible disclosure policy for vulnerabilities are maintained to address emerging threats, such as those identified by the Tor Project or independent researchers at Google.
The platform has been widely praised by digital rights groups like the Electronic Frontier Foundation and the Committee to Protect Journalists for advancing source protection. It has become a standard tool in major investigative units, influencing the practices of institutions like the International Consortium of Investigative Journalists, notably during the Panama Papers and Pandora Papers leaks. Critical analysis sometimes highlights the complexity of its setup and the need for source education on tools like the Tor Browser. Its existence represents a significant countermeasure against pervasive surveillance, championed by advocates such as Daniel Ellsberg and organizations like Reporters Without Borders.